Website false alarm



Posted

When I visit this completely legit website, my up-to-date KIS 21.3.10.391 reports that it is infected when in reality it is not:

https:// therootbrands . com/de/product/rs/

Any suggestions? Thanks.

 

 


Posted

Thx Harlan, I analyzed and wanted to send it to reanalysis however I am unable to do so:

 


Posted

Hum yeah, I'm getting the same error, it seems there is some kind of issue with the service now, let's wait a bit and try again 🤔

Posted
6 hours ago, harlan4096 said:

Still getting error...

Me too... Maybe this "submit to reanalysis" error should be reported as well...

  • Thanks 1
Flood and Flood's wife
Posted (edited)
On 10/13/2023 at 2:59 AM, aq777 said:

When I visit this completely legit website, my up-to-date KIS 21.3.10.391 reports that it is infected when in reality it is not: https:// therootbrands . com/de/product/rs/

  1. Any suggestions? 
On 10/13/2023 at 11:32 PM, aq777 said:

2. Me too... Maybe this "submit to reanalysis" error should be reported as well...

Hello @aq777

Thank you for posting back!

  1. We've submitted the data using step 3 of Kaspersky's documented process: Kaspersky application blocks my website or application. What should I do?, please wait for a response from the Virus Lab, we will post it when it's available
  2. https://opentip.kaspersky.com/ is working for other submissions (image 2), just not the www that (you're) concerned about (image 1). 

https://www.virustotal.com/gui/url/1a0a88d755dae5584d4794a3dbdf612a395b7eecfcc38308d182d17a27474193


Thank you🙏
Flood🐳+🐋

Edited by Flood and Flood's wife
grammar😌
  • Like 1
Posted
On 10/13/2023 at 2:32 PM, aq777 said:

Maybe this "submit to reanalysis" error should be reported as well...

Has been done.

  • Like 1
Flood and Flood's wife
Posted
19 hours ago, Berny said:

Has been done.

FYI @Berny

As we advised & showed in our post to @aq777, there is nothing wrong with Kaspersky's Threat Intelligence Portal, all URLs submitted via - Submit to reanalyze are processing *normally* = as expected - the only issue is with one URL - that being the one that @aq777 could not submit for analysis. 

Flood🐳+🐋

  • Solution
Flood and Flood's wife
Posted (edited)
On 10/13/2023 at 2:59 AM, aq777 said:

When I visit this completely legit website, my up-to-date KIS 21.3.10.391 reports that it is infected when in reality it is not: https:// therootbrands . com/de/product/rs/

Hello @aq777

Update from Kaspersky Virus Lab:

  • "The classification is correct.
  • This site has been compromised.
  • The site distributes PDF documents containing phishing and malicious URLs.
  • These files are located on the following path: therootbrands.com/wp-content/uploads/2022/12/*
  • They suggested removing the phishing/malicious files at the mentioned path.
  • Also, they recommend changing passwords to all services that can be used to modify website content because they may have been stolen." 

IF (you) have contact with the owners of the www you may wish to share this information with them. 

Thank you🙏
Flood🐳+🐋

Edited by Flood and Flood's wife
grammar😌
  • Like 1
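
For a site owner acting on the Virus Lab advice above, one way to find which PDFs under an uploads path (such as `wp-content/uploads/2022/12/`) link to outside hosts. This is an added example, not part of the thread or of any Kaspersky tooling; the function names, the `example.org` domain and the sample PDF bytes are constructed for illustration.

```python
import re
import zlib
from pathlib import Path
from urllib.parse import urlparse

URI_RE = re.compile(rb"/URI\s*\((.*?)\)", re.S)          # literal-string URI actions only
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)

def pdf_uris(data: bytes) -> set:
    """URI action targets in raw PDF bytes and inside Flate-compressed streams."""
    chunks = [data]
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates a stream whose last byte the regex clipped
            chunks.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # stream uses another filter (image data, etc.)
    return {u.group(1).decode("latin-1") for c in chunks for u in URI_RE.finditer(c)}

def external_hosts(uris, own_domain: str) -> set:
    """Hosts linked from the PDF that are not the site itself or a subdomain."""
    hosts = set()
    for uri in uris:
        host = (urlparse(uri).hostname or "").lower()
        if host and host != own_domain and not host.endswith("." + own_domain):
            hosts.add(host)
    return hosts

def scan_uploads(root, own_domain: str) -> dict:
    """Map each PDF under root to the external hosts it links to."""
    report = {}
    for pdf in sorted(Path(root).rglob("*.pdf")):
        hosts = external_hosts(pdf_uris(pdf.read_bytes()), own_domain)
        if hosts:
            report[str(pdf)] = sorted(hosts)
    return report

# Constructed sample: one plain link to the site, one link hidden in a Flate stream.
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Subtype /Link /A << /S /URI "
    b"/URI (https://www.example.org/de/product/) >> >>\nendobj\n"
    b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /URI /URI (http://login.phish.example/verify) >>")
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    print(external_hosts(pdf_uris(SAMPLE_PDF), "example.org"))
```

The scan does not cover encrypted PDFs or URIs written as hex strings, so a file that reports no external hosts still needs comparing against the list of documents the site actually published.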
Posted
On 10/13/2023 at 2:32 PM, aq777 said:

Maybe this "submit to reanalysis" error should be reported as well...

Also, here is a Topic about the same issue with another URL,
I could reproduce the issue on my side with some other URLs.


  • Like 2
Posted

Thank you all for your help!

I will contact the site's owner and convey the findings. 👍

  • Like 2
  • Thanks 1
  • 2 weeks later...
Posted

Update: site owners apparently cleaned the above path from the bad PDF files because KIS no longer reports an infection when I visit that page.

Flood and Flood's wife
Posted
2 hours ago, aq777 said:

Update: site owners apparently cleaned the above path from the bad PDF files because KIS no longer reports an infection when I visit that page.

Hello @aq777

Welcome back!

  1. Did the site owners *actually* confirm to (you) they have cleaned their site? 
  2. Images - as follows, from checking today: 2nd November 2023, after reading (your) update: image 1 = your original URL, image 2 = the URL the Virus Lab experts sent in their advisory, image 3 = Kaspersky Report, image 4 = generic Google search for "therootbrands" -> ioo the issue persists: 


Thank you🙏
Flood🐳+🐋
